Commit graph

123 commits

Author SHA1 Message Date
Rémi Lapeyre fb4b85d921
Add support for client certificates to -output-curl-string (#13660)
* Add support for client certificates to -output-curl-string

I did not write tests for this feature as -output-curl-string was not
already tested and this is a simple change. Because the name of the
certificates would be lost once loaded I added fields to Config to keep
track of them. I did not add a public method for the user to set them
explicitely as I don't think anyone would need this functionnality
outside of the Vault CLI.

Closes https://github.com/hashicorp/vault/issues/13376

* Add changelog

* Add lock in ConfigureTLS
2022-01-20 10:25:26 -08:00
Pratyoy Mukhopadhyay 85725ba3ec
OSS changes for ent pr (#13696) 2022-01-19 09:43:12 -08:00
Ben Ash ef8e4008a8
Add ability to optionally clone a Client's token (#13515) 2021-12-22 17:07:26 -05:00
Ben Ash fab2f630b4
Fix properly initialize replicateStateStore from SetReadYourWrites() (#13486)
Fixes an issue where the `replicateStateStore` was being set to `nil`
upon consecutive calls to `client.SetReadYourWrites(true)`.
2021-12-21 16:14:39 -05:00
Ben Ash 0b095588c6
api.Client: support isolated read-after-write (#12814)
- add new configuration option, ReadYourWrites, which enables a Client
  to provide cluster replication states to every request. A curated set
  of cluster replication states are stored in the replicationStateStore,
  and is shared across clones.
2021-10-14 14:51:31 -04:00
vinay-gopalan 458927c2ed
[VAULT-3157] Move mergeStates utils from Agent to api module (#12731)
* move merge and compare states to vault core

* move MergeState, CompareStates and ParseRequiredStates to api package

* fix merge state reference in API Proxy

* move mergeStates test to api package

* add changelog

* ghost commit to trigger CI

* rename CompareStates to CompareReplicationStates

* rename MergeStates and make compareStates and parseStates private methods

* improved error messaging in parseReplicationState

* export ParseReplicationState for enterprise files
2021-10-06 10:57:06 -07:00
Michael Boulding 79662d0842
Patch to support VAULT_HTTP_PROXY variable (#12582)
* patch to support VAULT_HTTP_PROXY variable

* simplify the proxy replacement

* internal code review

* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment

* clean up some unintended whitespace changes

* add docs for the new env variable and a changelog entry

Co-authored-by: Dave Du Cros <davidducros@gmail.com>
2021-10-06 09:40:31 -07:00
Jinlong Chen 666b78911f
Fix client.go (#12608)
Modify one annotation.
2021-09-22 13:07:40 -07:00
Ben Ash e899e2adfa
Add ability to optionally clone an api.Client's headers (#12117) 2021-07-19 17:15:31 -04:00
Jeff Mitchell f7147025dd
Migrate to sdk/internalshared libs in go-secure-stdlib (#12090)
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
2021-07-15 20:17:31 -04:00
Richard Patel 864d52b9af
Support tls-skip-verify for output-curl-string (#11713) 2021-06-14 11:09:29 -04:00
Rajwinder Mahal 5870c3daa5
api/client: allow configurable values for RetryWaitMin and RetryWaitMax (#11773) 2021-06-11 15:15:21 -04:00
Calvin Leung Huang 8cb48018b7
api/client: provide the ability to set a logger on retryablehttp.Client (#11696)
* api/client: provide the ability to set a logger on retryablehttp.Client

* go mod tidy; fix import ordering

* go mod vendor
2021-05-27 10:25:25 -07:00
Brian Kassouf 303c2aee7c
Run a more strict formatter over the code (#11312)
* Update tooling

* Run gofumpt

* go mod vendor
2021-04-08 09:43:39 -07:00
Andrej van der Zee df159d7622
Respect VAULT_MAX_RETRIES from environment in DefaultConfig() (#10883) 2021-03-02 10:39:20 -08:00
Ace Eldeib 9584c989ca
don't panic on connection errors in DefaultRetryPolicy (#11002)
fixes #11001
2021-02-25 13:16:17 -05:00
Nick Cabatoff c1ddfbb538
OSS parts of the new client controlled consistency feature (#10974) 2021-02-24 06:58:10 -05:00
Josh Black a7aac342bd
Only set the namespace if the env var isn't present (#1519) (#10556) 2020-12-14 11:40:48 -08:00
Josh Black 67ffd0b6de
Fix client.Clone() to include the address. (#10077) 2020-11-06 11:27:35 -08:00
Billie Cleek 009ef0b8a4
document response wrapping behavior (#8156)
Document response wrapping behavior so that it's clear how
WrappingLookupFuncs should behave.
2020-06-08 10:50:48 -04:00
Jeff Mitchell 62ec73340c Update comment in client about canceling the WithTimeout context 2020-05-08 14:48:26 -04:00
Daniel Spangenberg 8007845ba4
Fix SRV Lookups (#8520)
* Pin HTTP Host header for all client requests
* Drop port map scheme
* Add SRV Lookup environment var
* Lookup SRV records only when env var is specified
* Add docs

Co-Authored-By: Michel Vocks <michelvocks@gmail.com>
2020-03-11 14:22:58 +01:00
Becca Petrin c2894b8d05
Add Kerberos auth agent (#7999)
* add kerberos auth agent

* strip old comment

* changes from feedback

* strip appengine indirect dependency
2020-01-09 14:56:34 -08:00
Michel Vocks 0beb645830
Fix SRV lookup if address scheme is known (#8016) 2019-12-16 09:34:40 +01:00
Jeff Mitchell 2b2e61db82
Revert change suggested by vet. See the comment for details. (#7815) 2019-11-06 17:03:37 -05:00
Jeff Mitchell 519d1b3cb8
Fix some vet issues in api package (#7789)
* Dropped cancel func
* Bad struct tag
2019-11-05 12:07:06 -05:00
Joe Dollard 7f843c4c9b support setting the API client retry policy (#7331) 2019-10-28 15:54:59 -04:00
ncabatoff db43d22325
Do not allow the same header map to be shared across requests. (#7690) 2019-10-17 11:48:15 -04:00
Mike Jarmy 510d82551a
Vault Agent Cache Auto-Auth SSRF Protection (#7627)
* implement SSRF protection header

* add test for SSRF protection header

* cleanup

* refactor

* implement SSRF header on a per-listener basis

* cleanup

* cleanup

* creat unit test for agent SSRF

* improve unit test for agent SSRF

* add VaultRequest SSRF header to CLI

* fix unit test

* cleanup

* improve test suite

* simplify check for Vault-Request header

* add constant for Vault-Request header

* improve test suite

* change 'config' to 'agentConfig'

* Revert "change 'config' to 'agentConfig'"

This reverts commit 14ee72d21fff8027966ee3c89dd3ac41d849206f.

* do not remove header from request

* change header name to X-Vault-Request

* simplify http.Handler logic

* cleanup

* simplify http.Handler logic

* use stdlib errors package
2019-10-11 18:56:07 -04:00
Mike Jarmy ecfcdc329e
use api.Config.Timeout instead of http.Client.Timeout for 60s request timeout default (#7469) 2019-09-13 08:28:58 -04:00
Jeff Mitchell f522dd8f35
Add backwards compat support for API env vars (#7135)
Several env vars got renamed in
https://github.com/hashicorp/vault/pull/6306. This re-adds support for
those.

Indirectly addresses
https://github.com/hashicorp/consul-template/pull/1233 although they
should still update to the new values.
2019-07-17 06:29:25 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jeff Mitchell 9f0a6edfcb
Remove some instances of potential recursive locking (#6548) 2019-04-08 12:45:28 -04:00
ncabatoff 9670ec28b1 api.NewClient() now uses $VAULT_NAMESPACE as an input. (#6470)
* api.NewClient() now uses $VAULT_NAMESPACE as an input.

* Remove bogus comments.
2019-03-25 13:23:59 -05:00
Vishal Nayak 1fca0f7b6f Explicit setting of url fields (#6349) 2019-03-05 12:20:16 -08:00
Vishal Nayak ac2b499fc9
Support reading Vault's address from Agent's config file (#6306)
* Support reading Vault's address from Agent's config file

* use consts and switch

* Add tls options to agent config vault block

* Update command/agent/config/config.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* remove fmt.Printfs
2019-02-28 17:29:28 -05:00
Vishal Nayak 5037185d5d
Agent Cache: Some review feedback (#6257)
* Revamp agent cache client

* Update command/agent.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Agent cache auto auth token lookup case (#6258)

* agent cache auto auth token lookup case

* Use Blake2b256Hash instead of SHA256

* agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259)

* agent/cache: update cache-clear endpoint; use bytes.NewReader instead

* agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b

* agent/cache: Only parse response body if it's non-nil (#6260)

* Differently disable agent address in the API client

* Remove DisableAgent
2019-02-19 16:53:29 -05:00
Vishal Nayak 614ec67b05
address some review back (#6237) 2019-02-15 13:40:03 -05:00
Vishal Nayak feb235d5f8
Vault Agent Cache (#6220)
* vault-agent-cache: squashed 250+ commits

* Add proper token revocation validations to the tests

* Add more test cases

* Avoid leaking by not closing request/response bodies; add comments

* Fix revoke orphan use case; update tests

* Add CLI test for making request over unix socket

* agent/cache: remove namespace-related tests

* Strip-off the auto-auth token from the lookup response

* Output listener details along with configuration

* Add scheme to API address output

* leasecache: use IndexNameLease for prefix lease revocations

* Make CLI accept the fully qualified unix address

* export VAULT_AGENT_ADDR=unix://path/to/socket

* unix:/ to unix://
2019-02-14 20:10:36 -05:00
Jeff Mitchell 82ee4176e6
Add the ability to print curl commands from CLI (#6113) 2019-02-01 17:13:51 -05:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Sander van Harmelen d4328a6684 Use a pooled HTTP client for the Vault CLI (#5734)
As the CLI client is initialized with a specific Vault address, is makes
sense to use the pooled HTTP client here. This will prevent setting up
new TCP sessions for each API call that the client needs to make.
2018-11-09 10:46:57 -05:00
Becca Petrin 7bd22e6779
Run all builtins as plugins (#5536) 2018-11-06 17:21:24 -08:00
Jeff Mitchell 3b8d0ed72c Update comment on API client's clone method 2018-11-01 12:26:18 -04:00
Jeff Mitchell 66a0029195 Sync some ns stuff to api/command 2018-08-22 14:37:40 -04:00
Jeff Mitchell 3403c7ad9c Add headers accessor and ns function 2018-08-09 18:29:03 -04:00
Brian Kassouf beda7845f6
API: Add context to each raw request call (#4987) 2018-07-24 15:49:55 -07:00
Jeff Mitchell c7981e6417
Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 09:12:43 -04:00
Jeff Mitchell 35cb9bc517
Redo API client locking (#4551)
* Redo API client locking

This assigns local values when in critical paths, allowing a single API
client to much more quickly and safely pipeline requests.

Additionally, in order to take that paradigm all the way it changes how
timeouts are set. It now uses a context value set on the request instead
of configuring the timeout in the http client per request, which was
also potentially quite racy.

Trivially tested with
VAULT_CLIENT_TIMEOUT=2 vault write pki/root/generate/internal key_type=rsa key_bits=8192
2018-05-25 14:38:06 -04:00
Jeff Mitchell 03b3914151 Fix fmt 2018-05-11 11:50:10 -04:00